On 31/03/2006, at 14:24, Jorge Godoy wrote:

> And what about commercial systems? You'll tell your client that he's tied to
> you to a simple task as that of saying who can and who can't access what? I
> mean, he'll have to pay your hourly costs for this task all the time something
> changes? And he'll have to "rethink" if the existing permissions apply always
> when he hires a new employee? (Remember: he'll want to avoid costs with that,
> so security *will be* sub-optimum...)
I agree with Jorge here. The security policy should be the administrator's responsibility, not the developers'. For example, in Unix (be it plain ol' PAM or a fancy ACL system like SELinux) no line of code needs to be written to change the permissions or capabilities of a given user; just use the system tools for the job, which any sysadmin can do.

My 2c,
Alberto

